IT Risk Assessment Tool

besler insights blog corner graphic

Compliance with HIPAA’s security and privacy requirements can be daunting, especially for smaller physician practices and other healthcare providers that do not have the resources and expertise of a hospital or health system.  To assist these providers, the US Department of Health & Human Services (HHS) recently released to the public a security assessment tool.  This application was developed by HHS in collaboration with its Offices of Civil Rights, National Coordinator for Health Information Technology and General Counsel.

Key information about this tool:

  • The application is available to the public at no charge, and can be downloaded by visiting the following website:
  • The application is available for both Windows operating systems and Apple iPads.
  • The application walks the user through nearly 160 questions that tie to the various HIPAA security and privacy requirements, and assists the user in preparing the required risk assessment.
  • The application stores the user’s responses, comments and remediation plans, and can produce a risk assessment report.
  • According to the government’s website, this “tool serves as your local repository for the information and does not send your data anywhere else.”
  • A paper-based version of the tool is also available to be downloaded from the above website.

HHS’ announcement of this application highlights its use and importance:

By conducting these risk assessments, healthcare providers can uncover potential weaknesses in their security policies, processes and systems.  Risk assessments also help providers address vulnerabilities, potentially preventing health data breaches or other adverse security events.  A vigorous risk assessment process supports improved security of patient health data.

Please contact David Bongiovanni at with any questions you may have. He can also be reached by phone at 609-514-1400.

SUBSCRIBE for Weekly Insider Updates

  • Podcast Alerts
  • Healthcare Finance News
  • Upcoming Webinars

By submitting your email address, you are agreeing to receive email communications from BESLER.

BESLER respects your privacy and will never sell or distribute your contact information as detailed in our Privacy Policy.

New Webinar

Wednesday, December 14, 2022

live streaming

Partner with BESLER for Proven Solutions.